In my tests with the debops.lxc ansible role and a Debian 11.x VM I somehow found out that my containers only started with dropping the “sys_admin” capability. As far as I remember I took that from some bug report or support thread, I can’t find that one anymore right now.
Is it correct to drop that, is it necessary, or is that maybe be fixed in LXC-4.0.9? I wonder if 4.0.9 will be part of stable Debian-11.x, though.
Thanks.